U.S. Charges Venezuelan Doctor for Using and Selling Thanos Ransomware

Cybercriminals aren’t always people who work in programming, as in the case of Moises Luis Zagala Gonzalez, a 55-year-old Venezuelan cardiologist. Known by monikers such as Nosophoros, Nebuchadnezzar, or Aesculapius, he is accused by the U.S. of being the mastermind behind the Thanos ransomware.

The charges brought against the doctor range from entering profit-sharing arrangements to the use and sale of the malicious tool. He is alleged to have developed and marketed the ransomware builder to other cybercriminals. The reason? To facilitate the intrusions and receive a part of the bitcoin profit.

Venezuelan Cybercriminal Doctor

Moises Luis Zagala Gonzalez treated patients and developed the ransomware in his spare time. The doctor made a considerable profit from the global ransomware system, where he sold the necessary tools to conduct ransomware attacks.

The Venezuelan doctor even trained would-be attackers on how to extort victims and boasted about his successful scheme. The ransomware-as-a-service (RaaS) scheme involved encrypting various files and data belonging to many companies.

The ransomware acted like any other. Victims would have to pay the ransom to obtain the decryption key and regain access to their data. The doctor targeted non-profit entities and other institutions vulnerable to such attacks.

Zagala may face up to five years imprisonment if convicted of attempted computer intrusion. The Venezuelan doctor may face an additional five years imprisonment for conspiracy to commit computer intrusions.

The Thanos Ransomware Builder

The Thanos private software developed by the Venezuelan cybercriminal doctor is a tool that can create ransomware. After buying the ransomware builder, purchasers were free to develop their own customized ransomware. They would either lease it to other hackers or use it themselves to widen their attacks’ scope.

Recorded Future analyzed the Thanos ransomware builder in 2020. It revealed that the ransomware builder had 43 configuration options. It was labeled one of the first ransomware families to leverage the RIPlace technique. It could bypass even the ransomware protection built into Windows 10.

Some notable options that hackers could use on the Thanos builder included the ability to:

  • Change ransom notes
  • Select the list of file types to be exfiltrated before encryption
  • Evade detection and self-delete settings after execution

Rumors circulated that the Venezuelan doctor advertised the Thanos software on darknet cybercrime forums. He offered potential buyers the ability to use the software for a month with basic options at $500 or $800 with full options.

While advertising his ransomware builder, the doctor also recruited purchasers (affiliates) for the RaaS program.

On the Hunt for the Venezuelan Cybercriminal Doctor

May 1, 2020, was the beginning of the end for doctor Moises Luis Zagala Gonzalez. A human source for the FBI contacted Zagala to join his affiliate program. Zagala informed the undercover agent that he didn’t have any spots left.

Zagala was traced on May 3, 2022, after a PayPal account was linked to one of his U.S. relatives in Florida. The relative confirmed that Zagala taught himself computer programming and resided in Venezuela. Despite this, he sent the agent tutorials on using the ransomware builder and set up an affiliate crew.

Tips for Increasing Cybersecurity

Zagala, the cybercriminal doctor, is just one example of thousands of ill-intended people who use their computer programming skills to hack individuals and companies. Fortunately, there are ways to fight back against cybercriminals and defend yourself against their malicious attacks. Here is how!

Use a VPN

A VPN is among the best tools companies and individuals can use to enhance their cybersecurity levels. A VPN allows you to encrypt your online data and hide your IP address. This way, would-be attackers won’t be able to track you and steal your information.

A VPN can be used to secure even public WiFi connections. It allows you to change your geo-location. Furthermore, certain VPN providers offer additional features to take your cybersecurity to a whole new level.

An example would be the Threat Protection feature created by NordVPN. It is software implemented in the VPN that blocks malicious sites before you can enter them. It also eliminates trackers that most websites use for ad customization. It is also helpful against phishing and shows the weak points on your PC.

Another VPN feature offered by some providers is the kill switch. It is a mechanism that automatically disconnects your PC from the internet if your VPN stops working for any reason.

Avoid Downloading Suspicious Files

Many people are tempted to pirate their favorite movies, games, and music from the internet. However, these files may be corrupt and contain malware in many cases. It is best to avoid pirating and only download media from official sources.

Two-factor Authentication

Your passwords are the first line of defense in case of a data breach. You should set up an additional layer of protection, such as two-factor authentication, in case your password is cracked. Use strong passwords and a password manager so you won’t forget your credentials.

Update Your PC

Updates play a crucial role in the defense system of your PC. If your OS or any other software is out-of-date, hackers can exploit that weakness and infect your PC. Keep everything updated to stay safe.
